Acknowledged by will always be set to the user context associated with the acknowledge request. However, it is possible to override this user context at the request level. If you authenticate (the HTTP Authorization header) as an admin-level Orion user, you can add an HTTP header "X-SolarWinds-Impersonate" whose value is the name of another Orion user account. The impersonation target must be a valid Orion user account that is not disabled or locked out - you can't just put an arbitrary string there. Assuming those requirements are met, then the request will be handled as if it were made by the impersonated user. This includes authorization checks like user rights and account limitations as well as the identity used for audit events.